CN106059087B - A kind of intelligent substation vulnerability analysis assessment system - Google Patents
A kind of intelligent substation vulnerability analysis assessment system Download PDFInfo
- Publication number
- CN106059087B CN106059087B CN201610567927.2A CN201610567927A CN106059087B CN 106059087 B CN106059087 B CN 106059087B CN 201610567927 A CN201610567927 A CN 201610567927A CN 106059087 B CN106059087 B CN 106059087B
- Authority
- CN
- China
- Prior art keywords
- module
- management
- realization
- function
- intelligent substation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012038 vulnerability analysis Methods 0.000 title claims abstract description 58
- 238000011156 evaluation Methods 0.000 claims abstract description 44
- 238000000034 method Methods 0.000 claims abstract description 33
- 238000004458 analytical method Methods 0.000 claims abstract description 25
- 238000007726 management method Methods 0.000 claims description 95
- 230000006870 function Effects 0.000 claims description 60
- 238000009412 basement excavation Methods 0.000 claims description 31
- 238000012360 testing method Methods 0.000 claims description 27
- 230000003068 static effect Effects 0.000 claims description 25
- 238000012544 monitoring process Methods 0.000 claims description 14
- 238000004891 communication Methods 0.000 claims description 6
- 238000005336 cracking Methods 0.000 claims description 5
- 238000012423 maintenance Methods 0.000 claims description 5
- 230000008859 change Effects 0.000 claims description 3
- 230000008520 organization Effects 0.000 claims description 3
- 208000027418 Wounds and injury Diseases 0.000 claims description 2
- 230000006378 damage Effects 0.000 claims description 2
- 238000001514 detection method Methods 0.000 claims description 2
- 208000014674 injury Diseases 0.000 claims description 2
- 238000007689 inspection Methods 0.000 claims description 2
- 238000009434 installation Methods 0.000 claims description 2
- 230000007246 mechanism Effects 0.000 claims description 2
- 230000004044 response Effects 0.000 claims description 2
- 238000012954 risk control Methods 0.000 claims description 2
- 238000005192 partition Methods 0.000 claims 1
- 238000013468 resource allocation Methods 0.000 claims 1
- 230000000694 effects Effects 0.000 abstract description 7
- 238000012545 processing Methods 0.000 abstract description 4
- 230000008569 process Effects 0.000 description 16
- 238000005516 engineering process Methods 0.000 description 6
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 230000001681 protective effect Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 241000272814 Anser sp. Species 0.000 description 3
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000002513 implantation Methods 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 208000033748 Device issues Diseases 0.000 description 1
- 101001094649 Homo sapiens Popeye domain-containing protein 3 Proteins 0.000 description 1
- 101000608234 Homo sapiens Pyrin domain-containing protein 5 Proteins 0.000 description 1
- 101000578693 Homo sapiens Target of rapamycin complex subunit LST8 Proteins 0.000 description 1
- 102100027802 Target of rapamycin complex subunit LST8 Human genes 0.000 description 1
- 230000016571 aggressive behavior Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000008595 infiltration Effects 0.000 description 1
- 238000001764 infiltration Methods 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000012806 monitoring device Methods 0.000 description 1
- 239000012466 permeate Substances 0.000 description 1
- 239000000047 product Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 230000001131 transforming effect Effects 0.000 description 1
- 230000003612 virological effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02J—CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
- H02J13/00—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
- H02J13/00001—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by the display of information or by user interaction, e.g. supervisory control and data acquisition systems [SCADA] or graphical user interfaces [GUI]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/06—Energy or water supply
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E60/00—Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/16—Electric power substations
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/50—Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Human Resources & Organizations (AREA)
- Economics (AREA)
- Strategic Management (AREA)
- Tourism & Hospitality (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Marketing (AREA)
- Entrepreneurship & Innovation (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Operations Research (AREA)
- Development Economics (AREA)
- Quality & Reliability (AREA)
- Educational Administration (AREA)
- Human Computer Interaction (AREA)
- Power Engineering (AREA)
- Game Theory and Decision Science (AREA)
- Public Health (AREA)
- Water Supply & Treatment (AREA)
- General Health & Medical Sciences (AREA)
- Primary Health Care (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of intelligent substation vulnerability analysis assessment system, the system comprises:Vulnerability checking platform and vulnerability analysis system, vulnerability checking platform are the access entrances of whole system, realize the management of whole system, user interface, the calling and management function of vulnerability analysis system, are responsible for front end and show;Vulnerability analysis system is the specific business function carrier of whole system, is responsible for the back-end processing of vulnerability analysis assessment;The system of realizing being capable of the comprehensive and accurate technique effect that analysis and evaluation is carried out to intelligent substation fragility.
Description
Technical field
The present invention relates to intelligent grid industrial control system information security field, and in particular, to a kind of intelligent substation
Vulnerability analysis assessment system.
Background technology
With being greatly improved for the level of informatization, the management and control of intelligent substation are become more dependent on based on network service
Real time information, while introduce various information security issues." BlackEnergy " Malware occurred in 2015, utilizes
The security breaches of electric system, special destruct industrial control system and ethernet connector, so as to result in the big of Ukraine
Scale power outage.On the one hand, since the electric power system of 3 Utilities Electric Co.s of Ukraine has many loopholes, such as various SCADA hardware
Deployment information can be obtained from internet, VPN passages do not carry out double factor verification etc..On the other hand, height from
Dynamicization electric power system control causes this 3 company to become target of attack.So far, the information security issue of electric system is increasingly drawn
The attention of people is played, especially as the automatic system of intelligent transformer station of joint core.
Intelligent substation mainly carries out telecommunication and communication between devices using ether net mode and control centre, stand in set
It is standby but it is more use the general-purpose operating system and common application software, be spaced layer network and employ TCP/IP communication technology.Therefore, from easy
Under fire the angle of object is analyzed, and the weak link of intelligent Substation System is mainly in station level equipment and interval layer network
In.Target of attack is mainly application file, database, operating system, communication protocol stack etc..By to station level equipment and interval
The invasion of layer network, attacker can further penetrate into bay device, so as to form serious threat to process-level network.
From the point of view of in this sense, attacker can be by using device systems loophole, application software loophole, network service
Loophole and substation management loophole carry out intelligent substation comprehensive attack and infiltration.Both included intelligence by object of attack to become
The information system in power station, also contemplated the most equipment of control system.By taking Ukraine's power grid attack in 2015 as an example, attacker
Office softwares and the loophole of substation's daily management are make use of, using being carrier with the grand office documents of malice, from entering
The personal computer for invading work of transformer substation personnel starts, and progressively permeates substation information system, and implantation destroys component, establishes long-range
SSH services back door, until control system, triggers infected equipment forced shutdown, ultimately result in Yi Wannuo-Franco Fu Sike
The control system of area portion substation is destroyed, and causes large-area power-cuts.
Information system loophole is mainly for station level and bay device, including computer operating system loophole, TCP/IP
Protocol network loophole, file loophole, database loophole etc..Network attack is unfolded mainly around ICP/IP protocol.For information system
The attack pattern of system loophole mainly includes back door utilization, password cracking, message sniff, Denial of Service attack, viral wooden horse implantation
Deng various kinds of equipment and terminal of the control system loophole mainly for wall and process layer.
In conclusion present inventor is during inventive technique scheme in realizing the embodiment of the present application, in discovery
Technology is stated at least to have the following technical problems:
In the prior art, traditional loophole, which finds that system exists, comprehensive and accurate to find intelligent substation loophole,
The technical problem of analysis and evaluation can not be carried out to intelligent substation fragility.
The content of the invention
The present invention provides a kind of intelligent substation vulnerability analysis assessment system, solves traditional loophole and finds system
In the presence of cannot it is comprehensive and accurate discovery intelligent substation loophole, it is impossible to intelligent substation fragility carry out analysis and evaluation skill
Art problem, so realize system can it is comprehensive and accurate to intelligent substation fragility carry out analysis and evaluation technique effect.
For the security status of intelligent substation, the present invention provides a set of coverage information system and the multiple rings of control system
The intelligent substation vulnerability analysis assessment system of section.The system make use of known bugs in information security field scan, is unknown
A variety of ways and meanses such as bug excavation, static evaluation instrument, with reference to the special system structure at intelligent substation scene, and its it is soft
Hardware environment, becomes intelligent transformer substation information system and control system known bugs that may be present and unknown loophole and intelligence
The administrative vulnerability occurred in the day-to-day operation of power station carries out multi-faceted covering, gives the intelligent substation based on IEC61850 agreements
The solution of system security assessment, technical support and design are provided further to establish intelligent substation security protection system
Foundation.
The intelligent substation vulnerability analysis assessment system is by vulnerability checking platform and vulnerability analysis system two
Part forms, as shown in Figure 1.Technically B/S frameworks are employed to be realized.
Vulnerability checking platform is the access entrance of whole system, realizes the management of whole system, user interface, crisp
The function such as the calling of weak property analysis system and management, is responsible for front end and shows, specifically include state and statistic unit, system administration list
Member, terminal management unit, role management unit, assessment result administrative unit totally 5 units.
State and statistic unit show history scanning result and system configuration information, including loophole mainly for detection of platform
Distribution statistics module, hazard rating statistical module, operation log module, system state module totally 4 modules.Loophole distribution statistics
Module carries out testing result quantitative statistics according to the type of loophole, loophole type include Loopholes of OS, database loophole,
Application service class loophole, network class loophole etc..Hazard rating statistical module carries out testing result according to the extent of injury of loophole
Quantitative statistics, hazard rating are divided into 4 high-risk, middle danger, low danger and safety grades.Operation log module mainly realizes intelligent power transformation
The record work(of the contents such as vulnerability analysis assessment system of standing subsystems, the user's operation of unit, alarm record, history access
Energy.System state module mainly realizes the information such as intelligent substation vulnerability analysis assessment system self-operating state, version
Display function, when specifically including CPU usage, memory usage, database disk space occupancy, product version, continuous operation
Between etc. content.
System Management Unit is mainly used for the setting and management of system basic configuration and user role, including user right pipe
Manage module, basic setup module, network settings module, system upgrade management module totally 4 modules.User authority management module master
Realize the functions such as subscriber information management, user role distribution, user right division.Basic setup module mainly realizes that system should
With functions such as configuration, time setting, disk space managements.Network settings module mainly realizes that system network card configuration, fire wall are matched somebody with somebody
The function such as put.System upgrade management module mainly realize the upgrading of each main functional modules and engine in system, database upgrade,
The functions such as application upgrade, the installation of system itself patch.
Terminal management unit is mainly used for the substation equipment management of tested power grid, including organization management module, end
End equipment management module, terminal device Online statistics module totally 3 modules.Organization management module mainly realizes management region
Have the group management function of substation under its command.Terminal unit management module mainly realizes each control system equipment and information in substation
The discovery of system equipment, typing, configuration feature.Terminal device Online statistics module mainly realizes the on-line checking of recording device
Function.
Role management unit is mainly used for the task management functions of vulnerability analysis assessment main business, including known
Vulnerability scanning task module, unknown bug excavation task module, static evaluation task module, historic task management module totally 4
Module.Known bugs scan task module mainly realizes the task configuration feature to known bugs scanning engine.Unknown leakage
Hole excavation module mainly realizes the task configuration feature to unknown bug excavation engine.Static evaluation task module is mainly real
The task creation of existing static evaluation instrument such as issues at the management function.Historic task management module mainly realizes the note of historic task
The functions such as record, backtracking.
Assessment result administrative unit is mainly used for collecting the corresponding vulnerability analysis assessment result of each task engine, and collects
Reported into comprehensive assessment, including known bugs scanning Reports module, unknown bug excavation Reports module, static evaluation report mould
Block, comprehensive assessment reporting modules totally 4 modules.Known bugs scanning Reports module is mainly realized to known bugs scanning result
Access, analyze, scoring function.Unknown bug excavation Reports module mainly realize access to unknown bug excavation result, analysis,
Scoring function.Static evaluation Reports module mainly realizes access to static evaluation result, analytic function.Mould is reported in comprehensive assessment
Block mainly realize 3 reports of the above collect and TOP SCORES, provide reparation suggest and precautionary measures, to risk control strategy into
The row effectively function such as examination & verification.
Vulnerability analysis system is the specific business function carrier of whole system, is responsible for the rear end of vulnerability analysis assessment
Reason, including System Management Unit, known bugs scanning engine unit, unknown bug excavation engine unit, static evaluation tooling order
Member, terminal management unit totally 5 units.
System Management Unit is mainly used for receiving the system operatio instruction from vulnerability checking platform, including system configuration
Management module, single-sign-on management module, log management module, running state monitoring module totally 4 modules.System configuration management
Module mainly realizes the concrete configuration function such as system basic setup, network settings, file management.Single-sign-on management module is main
Realize unified login access function of the user to each business module.Log management module mainly realizes system log, operation day
The management of the contents such as will, mission bit stream, maintenance function.Running state monitoring module mainly realizes system operation situation, resource point
Monitoring function with occupancy, multi-user access situation etc..
Known bugs scanning engine unit is mainly used for realizing the vulnerability scanning business based on known bugs storehouse, including loophole
Scan module, port scan module, password cracking module, engine configuration module totally 4 modules.Vulnerability scanning module is mainly realized
Based on the known bugs scan function of strategy, sweep object includes operating system, database, application service, embedded software, work
Special-purpose software, procotol, industrial field bus etc. are controlled, scanning strategy includes scanning, Windows or the class of varying strength type
The scanning of Unix equipment or embedded OS, network service scanning, scan database, attack scanning, virtual platform are swept
Retouch.Port scan module mainly realizes the scan function to being devices under open port, scan mode include TCP scannings and
UDP Scan.Password cracking module mainly realizes weak passwurd scanning that may be present in substation equipment and cracks function, password class
Type includes SMB agreements, snmp protocol, ORACLE databases, MS SQL databases, MySQL database, File Transfer Protocol, Telnet associations
View, POP3 agreements, IMAP protocol, Rlogin agreements, SSH agreements, DB2 database etc..Engine configuration module is mainly realized known
The parameter configuration of vulnerability scanning engine, tactical management, scan task such as set at the function.
Unknown bug excavation engine unit mainly utilizes fuzz testing technology, by simulating each equipment in intelligent substation
Corresponding communication protocol sends mechanism, is sent to become the test packet that exclusive or includes mistake, monitors the response report of measurand
Text finds the security risk of intelligent substation to find mistake.Unknown bug excavation engine unit includes bug excavation mould
Block, test case management module, consultative management module, engine configure totally 4 modules.Bug excavation module mainly realizes engine pair
The function such as the message transmission of equipment under test and monitoring, analysis on monitoring result.Test case management module mainly realizes test case
The management of collection and script function.Consultative management module mainly realizes the management of tested network or industry control agreement, including
The power grid such as TCP/IP class standards Ethernet protocol and Modbus, IEC61850, DNP3 often uses industry control agreement.Engine configuration module
Mainly realize that the parameter configuration of unknown bug excavation engine, test case rule configure, fuzzy message quantity controls, variation storehouse model
Contain the functions such as system.
Static evaluation tool unit using daily management maintenance work method of the static evaluation instrument to intelligent substation and
Flow carries out questionnaire assessment, including questionnaire module, management module, the instrument configuration module of scoring totally 3 modules.Questionnaire
Module mainly realizes the Webpage realization of questionnaire and function of filling in a form.Scoring management module is mainly realized questionnaire topic and is answered
Case checks function.Instrument configuration module mainly realizes the functions such as the number control that takes one's test, topic scope control.Separately
Outside, the responsible party of substation management maintenance work includes the relevant staff such as operations staff, relay protection personnel.Test assessment
According to mainly include national information protection based on security rank system and《Electric power monitoring system security protection provides》Related requirement.
The one or more technical solutions provided in the embodiment of the present application, have at least the following technical effects or advantages:
It is designed as including as a result of by intelligent substation vulnerability analysis assessment system:Vulnerability checking platform is whole
The access entrance of a system, realizes management, user interface, the calling of vulnerability analysis system and management of whole system etc.
Function, is responsible for front end and shows;Vulnerability analysis system is the specific business function carrier of whole system, and responsible vulnerability analysis is commented
The back-end processing estimated, i.e. traditional loophole is found and method for digging is primarily directed to conventional computer system, not for intelligence
The solution of substation, also finds method without corresponding Substation control equipment loophole;It is crisp to distinguish traditional information security
Weak property analysis system, system of the present invention can complete the vulnerability analysis and evaluation work to industrial control system;This hair
The bright static evaluation method by information security field is applied in the vulnerability analysis assessment of intelligent substation;Not only realize
Vulnerability analysis to information system side, and realize and the fragility of control system is analyzed, traditional based on
On the basis of knowing the vulnerability analysis method of loophole, unknown bug excavation method and static evaluation method is introduced, so, effectively solve
The loophole for having determined traditional, which finds that system exists, comprehensive and accurate to find intelligent substation loophole, it is impossible to intelligent substation
Fragility carry out analysis and evaluation technical problem, and then realize system can it is comprehensive and accurate to intelligent substation fragility into
The technique effect of row analysis and evaluation.
Brief description of the drawings
Attached drawing described herein is used for providing further understanding the embodiment of the present invention, forms one of the application
Point, do not form the restriction to the embodiment of the present invention;
Fig. 1 is the composition schematic diagram of the application intelligent substation vulnerability analysis assessment system;
Fig. 2 is the deployment schematic diagram of the application intelligent substation vulnerability analysis assessment system.
Embodiment
The present invention provides a kind of intelligent substation vulnerability analysis assessment system, solves traditional loophole and finds system
In the presence of cannot it is comprehensive and accurate discovery intelligent substation loophole, it is impossible to intelligent substation fragility carry out analysis and evaluation skill
Art problem, so realize system can it is comprehensive and accurate to intelligent substation fragility carry out analysis and evaluation technique effect.
In order to better understand the above technical scheme, in conjunction with appended figures and specific embodiments to upper
Technical solution is stated to be described in detail.
With reference to specific embodiment and attached drawing, make detailed description further, but the implementation of the present invention to the present invention
Mode not limited to this.
Below in conjunction with the accompanying drawings 2, the embodiment of the present invention is described.
It is typical " three layer of two net " structure to consider intelligent substation:Station level, wall, process layer, interval layer network,
Process-level network.The equipment of process layer is to region be directly facing the primary equipment of electric system, mainly intelligent terminal and combining unit,
Deployed position is by outdoor primary equipment.Intelligent terminal mainly passes through the upward transmission of monitoring data of GOOSE messages or reception
Instruction that bay device issues etc., switch control is carried out to primary equipment.The key data of GOOSE message transmissions be open into
(The routine of intelligent terminal open into etc.), output(Tripping, remote control, start failure protection, interlocking, self-test information etc.), requirement of real-time is not
High analog quantity(Ambient temperature and humidity, DC quantity).Combining unit is mainly to be collected conversion to the analog signal of primary equipment,
Bay device is uploaded to by SV messages, SV messages are mainly sampled measurement.Bay device mainly has following a few classes:
Measure and control device, protective device, failure wave-recording equipment, network message analytical equipment.Measure and control device mainly collect combining unit and
Intelligent terminal uploads data, issues station level equipment.Protective device is that the carry out to combining unit and Intelligent terminal data is real-time
Monitoring, once abnormal conditions occur makes protection act in time, primary equipment is controlled by intelligent terminal, ensures primary equipment peace
Quan Xing.Station level equipment is mainly the monitoring station being made of multiple operator stations, the monitoring to whole station general status, including scene
On off state of primary equipment etc., communicates with bay device and meets MMS service models.
Communication is carried out by interchanger between station level and bay device.Lead between bay device and process layer devices
News carry out in addition to protective device, and by interchanger.Protective device is the same as straight using optical fiber between intelligent terminal and combining unit
Mode even, " directly adopting straight jump " ensure timely discovery processing of the protective device for abnormal conditions, it is ensured that one in truth
Secondary device security.
For above structure, intelligent substation vulnerability analysis assessment system of the present invention is spaced layer network by accessing
Disposed with process-level network, security evaluation is carried out to field device in control system maintenance off-line.Wherein, fragility point
Analysis system is deployed in dedicated industrial control host, can be loaded by single cabinet equipment, can be also made of multiple cabinet modules.Safety point
Analysis Evaluation Platform is deployed in the computer equipment with display terminal.Safety analysis Evaluation Platform host and vulnerability analysis system
System is carried out direct-connected by ethernet line.Vulnerability analysis system by ethernet line and optical fiber cable be respectively connected to interval layer network and
In the interchanger of process-level network.
The test and appraisal object of known bugs scanning engine unit is all devices in wall network and process-level network.
Being spaced layer network device includes each work station in the layer network of interval, transforming plant protecting device, measure and control device, failure
Recording system, quality monitoring device and other smart machines etc..Scanning process is:First, by be spaced layer network scanning,
It was found that all devices assets in network, determine whether that illegality equipment accesses.Secondly, by further to specific equipment or end
The detailed scanning at end, identifies the various information of scanned object, on operating system, network name, user information, unconventional port
Open service etc..Finally, the popular system of covering scanning and database loophole, loophole include but not limited to weak passwurd, user
Authority loophole, access registrar loophole, system integrity inspection, storing process loophole and application program relevant with database leakage
Hole etc..
Process-level network equipment include process-level network in each equipment and terminal, including protection location, measurement and control unit,
Combining unit, intelligent terminal etc..Scanning process is:First, using technologies such as intelligent port service identifications, find and identify not
The operating system of the control system of same type, port, information on services.Secondly, for traditional information technoloy equipment/system in control system
And each quasi-controller or terminal customized in industrial control system carries out vulnerability scanning.
The test and appraisal object of unknown bug excavation unit is all devices in wall network and process-level network.It is scanned
Cheng Shi:First, the device address and its port found according to known bugs scanning element, single setting in single connection network
It is standby.Secondly, by selecting test case to combine, message transmission or message aggression is carried out to measurand, judge measurand
Return the result.The tested agreement agreement such as including IP, TCP, UDP, ICMP, IEC61850, Modbus/TCP.Wherein,
IEC61850 agreements include Goose parts and SV parts, are mainly used for the bug excavation work of each equipment in process-level network.
The test and appraisal object of static evaluation tool unit is the operations staff and relay protection personnel of intelligent substation, is asked using investigation
Volume mode, obtains actual the day-to-day operation maintaining method and strategy of tested substation, judges security risk therein, finally obtain
The assessment result of administrative vulnerability.Static evaluation instrument includes information system inquiry module and control system inquiry module.Information system
System inquiry module mainly tests and assesses operations staff, and control system inquiry module mainly tests and assesses relay protection personnel.
Technical solution in above-mentioned the embodiment of the present application, at least has the following technical effect that or advantage:
It is designed as including as a result of by intelligent substation vulnerability analysis assessment system:Vulnerability checking platform is whole
The access entrance of a system, realizes management, user interface, the calling of vulnerability analysis system and management of whole system etc.
Function, is responsible for front end and shows;Vulnerability analysis system is the specific business function carrier of whole system, and responsible vulnerability analysis is commented
The back-end processing estimated, i.e. traditional loophole is found and method for digging is primarily directed to conventional computer system, not for intelligence
The solution of substation, also finds method without corresponding Substation control equipment loophole;It is crisp to distinguish traditional information security
Weak property analysis system, system of the present invention can complete the vulnerability analysis and evaluation work to industrial control system;This hair
The bright static evaluation method by information security field is applied in the vulnerability analysis assessment of intelligent substation;Not only realize
Vulnerability analysis to information system side, and realize and the fragility of control system is analyzed, traditional based on
On the basis of knowing the vulnerability analysis method of loophole, unknown bug excavation method and static evaluation method is introduced, so, effectively solve
The loophole for having determined traditional, which finds that system exists, comprehensive and accurate to find intelligent substation loophole, it is impossible to intelligent substation
Fragility carry out analysis and evaluation technical problem, and then realize system can it is comprehensive and accurate to intelligent substation fragility into
The technique effect of row analysis and evaluation.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know basic creation
Property concept, then can make these embodiments other change and modification.So appended claims be intended to be construed to include it is excellent
Select embodiment and fall into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
God and scope.In this way, if these modifications and changes of the present invention belongs to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising including these modification and variations.
Claims (10)
- A kind of 1. intelligent substation vulnerability analysis assessment system, it is characterised in that the system comprises:Vulnerability checking platform, the vulnerability checking platform include:State and statistic unit, the state and statistic unit are used History scanning result and system configuration information are shown in detection platform;The first system administrative unit, the first system management are single Member is used for the setting and management of analysis and evaluation system basic configuration and user role;First terminal administrative unit, described first eventually End administrative unit is used for the substation equipment management for being tested power grid;Role management unit, the role management unit are used for fragility The task management functions of property analysis and evaluation business;Assessment result administrative unit, the assessment result administrative unit are used to collect each The corresponding vulnerability analysis assessment result of task engine, and it is aggregated into comprehensive assessment report;Vulnerability analysis system, the vulnerability analysis system include:Second system administrative unit, the second system management are single Member is used to receive the system operatio instruction from vulnerability checking platform, and vulnerability analysis system is managed;Known leakage Hole scanning engine unit, the known bugs scanning engine unit are used for realization the vulnerability scanning business based on known bugs storehouse; Unknown bug excavation engine unit, the unknown bug excavation engine unit are used for the security risk for finding intelligent substation;It is quiet State assessment tool unit, the static evaluation tool unit are safeguarded using daily management of the static evaluation instrument to intelligent substation Method of work and flow carry out questionnaire assessment;Second terminal administrative unit, the second terminal administrative unit are used to be tested power grid Substation equipment management.
- 2. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that the state and system Meter unit specifically includes:Loophole distribution statistics module, hazard rating statistical module, operation log module, system state module;Leakage Hole distribution statistics module carries out quantitative statistics according to the type of loophole to testing result;Hazard rating statistical module is according to loophole The extent of injury carries out quantitative statistics to testing result;Operation log module is used for realization intelligent substation vulnerability analysis assessment system Subsystems, the user's operation of unit, alarm record, the history of uniting access the writing function of content;System state module is used for Realize intelligent substation vulnerability analysis assessment system self-operating state, the display function of version breath.
- 3. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that the first system Administrative unit specifically includes:User authority management module, basic setup module, network settings module, system upgrade management module; User authority management module is used for realization subscriber information management, user role distribution, user right partition functionality;Basic setup mould Block is used for realization analysis and evaluation system application configuration, the time is set, disk space management function;Network settings module is used for realization Analysis and evaluation system network card configuration, firewall configuration function;System upgrade management module is used for realization in analysis and evaluation system respectively The upgrading of function module and engine, database upgrade, application upgrade, system itself patch installation function.
- 4. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that the first terminal Administrative unit specifically includes:Organization management module, terminal unit management module, terminal device Online statistics module;Tissue Configuration management module is used for realization the group management function that management region has substation under its command;Terminal unit management module is used for realization change The discovery of each control system equipment and information system equipment, typing, configuration feature in power station;Terminal device Online statistics module It is used for realization the on-line checking function of recording device.
- 5. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that the task management Unit specifically includes known bugs scan task module, unknown bug excavation task module, static evaluation task module, history and appoints Business management module;Known bugs scan task module is used for realization the task configuration feature to known bugs scanning engine; Unknown bug excavation task module is used for realization the task configuration feature to unknown bug excavation engine;Static evaluation task The task creation that module is used for realization static evaluation instrument issues management function;Historic task management module is used for realization history and appoints Record, the back track function of business.
- 6. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that the assessment result Administrative unit specifically includes:Known bugs scanning Reports module, unknown bug excavation Reports module, static evaluation Reports module, Comprehensive assessment reporting modules;Known bugs scanning Reports module is used for realization access to known bugs scanning result, analyzes, comments Divide function;Unknown bug excavation Reports module is used for realization access to unknown bug excavation result, analysis, scoring function;It is quiet State assessment Reports module is used for realization access to static evaluation result, analytic function;Comprehensive assessment reporting modules are used for realization Above known bugs scanning Reports module, unknown bug excavation Reports module, the report of static evaluation Reports module collect and always Body scores, and provides reparation suggestion and precautionary measures, risk control strategy is audited.
- 7. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that the second system Administrative unit specifically includes:System configuration management module, single-sign-on management module, log management module, running state monitoring Module;System configuration management module is used for realization the basic setup of vulnerability analysis system, network settings, file management configuration work( Energy;Single-sign-on management module is used for realization unified login access function of the user to each business module;Log management module It is used for realization system log, operation log, the management of mission bit stream content, maintenance function;Running state monitoring module is used for real Existing vulnerability analysis system operation situation, resource allocation take, the monitoring function of multi-user access situation.
- 8. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that the known bugs Scanning engine unit specifically includes:Vulnerability scanning module, port scan module, password cracking module, engine configuration module;Loophole Scan module is used for realization the known bugs scan function based on strategy;Port scan module is used for realization to being devices under out Put the scan function of port;Password cracking module is used for realization weak passwurd scanning that may be present in substation equipment and cracks work( Energy;Parameter configuration, tactical management, the scan task that engine configuration module is used for realization known bugs scanning engine set function.
- 9. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that unknown bug excavation Engine unit utilizes fuzz testing, mechanism is sent by simulating each corresponding communication protocol of equipment in intelligent substation, to quilt Survey object and send and become the test packet that exclusive or includes mistake, monitor the response message of measurand to find mistake, and then find The security risk of intelligent substation;Unknown bug excavation engine unit includes bug excavation module, test case management module, association Discuss management module, engine configuration module;Bug excavation module be used for realization engine the message that is devices under is sent and is monitored, Analysis on monitoring result function;Test case management module is used for realization management and the script function of test use cases;Agreement Management module is used for realization the management of tested network or industry control agreement;Engine configuration module is used for realization unknown bug excavation and draws Parameter configuration, the configuration of test case rule, the control of fuzzy message quantity, the variation storehouse scope control function held up.
- 10. intelligent substation vulnerability analysis assessment system according to claim 1, it is characterised in that the static state is commented Estimate tool unit to specifically include:Questionnaire module, scoring management module, instrument configuration module;Questionnaire module is used for real The Webpage of existing questionnaire is realized and function of filling in a form;Scoring management module is used for realization the matching inspection of questionnaire topic and answer Look into function;Instrument configuration module is used for realization the number control that takes one's test, topic scope control function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610567927.2A CN106059087B (en) | 2016-07-19 | 2016-07-19 | A kind of intelligent substation vulnerability analysis assessment system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610567927.2A CN106059087B (en) | 2016-07-19 | 2016-07-19 | A kind of intelligent substation vulnerability analysis assessment system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106059087A CN106059087A (en) | 2016-10-26 |
| CN106059087B true CN106059087B (en) | 2018-05-08 |
Family
ID=57187120
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610567927.2A Active CN106059087B (en) | 2016-07-19 | 2016-07-19 | A kind of intelligent substation vulnerability analysis assessment system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106059087B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106713284A (en) * | 2016-12-02 | 2017-05-24 | 国网浙江省电力公司电力科学研究院 | Industrial control security testing system, and industrial control system |
| CN107220742B (en) * | 2017-04-13 | 2020-06-05 | 中国南方电网有限责任公司超高压输电公司曲靖局 | Information system development general supporting method and platform based on system vulnerability analysis |
| CN106933156B (en) * | 2017-04-14 | 2019-04-23 | 南方电网科学研究院有限责任公司 | A kind of the O&M quality control method and device of substation |
| CN107239705B (en) * | 2017-05-25 | 2020-07-24 | 中国东方电气集团有限公司 | Non-contact type industrial control system or equipment static vulnerability detection system and detection method |
| CN107347074B (en) * | 2017-08-09 | 2019-09-06 | 中国信息通信研究院 | A kind of method of determining network equipment safety |
| CN109583671A (en) * | 2017-09-28 | 2019-04-05 | 中国南方电网有限责任公司超高压输电公司曲靖局 | A kind of development of information system support platform general-purpose based on system vulnerability analysis |
| CN108509798A (en) * | 2018-03-31 | 2018-09-07 | 河南牧业经济学院 | A kind of computer software analysis system |
| CN108924102B (en) * | 2018-06-21 | 2020-03-10 | 电子科技大学 | Efficient industrial control protocol fuzzy test method |
| CN109639491B (en) * | 2018-12-19 | 2020-01-07 | 广东工业大学 | Intelligent substation relay protection vulnerability assessment model generation method |
| CN110166440B (en) * | 2019-04-26 | 2021-11-30 | 中国人民解放军战略支援部队信息工程大学 | Printing protocol vulnerability analysis method and system |
| CN110677273B (en) * | 2019-08-19 | 2021-01-01 | 浙江大学 | Fuzzy test method for GOOSE protocol of intelligent substation |
| CN111131274A (en) * | 2019-12-27 | 2020-05-08 | 国网四川省电力公司电力科学研究院 | Non-invasive intelligent substation vulnerability detection method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102368634A (en) * | 2011-09-14 | 2012-03-07 | 文存润 | Unified information platform system for state monitoring of intelligent transformer substation |
| CN104699940A (en) * | 2014-11-28 | 2015-06-10 | 国网上海市电力公司 | Power grid infrastructure vulnerability evaluation method based on triangular chart method |
-
2016
- 2016-07-19 CN CN201610567927.2A patent/CN106059087B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102368634A (en) * | 2011-09-14 | 2012-03-07 | 文存润 | Unified information platform system for state monitoring of intelligent transformer substation |
| CN104699940A (en) * | 2014-11-28 | 2015-06-10 | 国网上海市电力公司 | Power grid infrastructure vulnerability evaluation method based on triangular chart method |
Non-Patent Citations (2)
| Title |
|---|
| 网络环境下变电站自动化系统脆弱性评估;张昊;《中国优秀硕士学位论文全文数据库》;20091015;第1-40页 * |
| 考虑选择性网络攻击的电网脆弱性分析;周杰等;《中国优秀硕士学位论文全文数据库》;20131231;第1-35页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106059087A (en) | 2016-10-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106059087B (en) | A kind of intelligent substation vulnerability analysis assessment system | |
| Suleiman et al. | Integrated smart grid systems security threat model | |
| Yang et al. | Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart grid SCADA systems | |
| Kuwatly et al. | A dynamic honeypot design for intrusion detection | |
| CN108809951A (en) | A kind of penetration testing frame suitable for industrial control system | |
| CN108646722A (en) | A kind of industrial control system information security simulation model and terminal | |
| KR101375813B1 (en) | Active security sensing device and method for intrusion detection and audit of digital substation | |
| Barbosa | Anomaly detection in SCADA systems: a network based approach | |
| CN107995192B (en) | Detection and blocking system for network boundary violation inlining | |
| Dalamagkas et al. | A survey on honeypots, honeynets and their applications on smart grid | |
| Giani et al. | The VIKING project: An initiative on resilient control of power networks | |
| CN113037745A (en) | Intelligent substation risk early warning system and method based on security situation awareness | |
| CN109922073A (en) | Network security monitoring device, method and system | |
| CN106230780A (en) | A kind of intelligent transformer substation information and control system safety analysis Evaluation Platform | |
| Bidou | Security operation center concepts & implementation | |
| CN112711509A (en) | Method and system for improving operation and maintenance safety of data center machine room | |
| CN103378991A (en) | Online service abnormity monitoring method and monitoring system thereof | |
| CN108769289A (en) | A kind of network address resources Visualized management system | |
| CN104702603A (en) | Multi-view-angle security auditing system for mobile internet | |
| Hahn et al. | An evaluation of cybersecurity assessment tools on a SCADA environment | |
| CN109636971A (en) | A kind of intelligent Community safety entrance guard management method and system | |
| CN104486320A (en) | Intranet sensitive information disclosure evidence collection system and method based on honeynet technology | |
| Ten et al. | Cybersecurity for electric power control and automation systems | |
| McLaughlin et al. | Secure communications in smart grid: Networking and protocols | |
| CN113965355B (en) | Illegal IP (Internet protocol) intra-provincial network plugging method and device based on SOC (system on chip) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |